/**
 * Reports whether this realm requires the caller to be verified.
 *
 * <p>An absent realm-access section or an unset flag is treated as {@code false},
 * so caller verification is off unless it has been explicitly configured.
 *
 * @return the configured verify-caller flag, or {@code false} when it is not set
 */
@JsonIgnore
public boolean isVerifyCaller() {
    // Guard first: either level of the lookup may be missing.
    if (getRealmAccess() == null || getRealmAccess().getVerifyCaller() == null) {
        return false;
    }
    return getRealmAccess().getVerifyCaller().booleanValue();
}
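/**
 * Returns the realm-level roles carried by {@code auth}.
 *
 * @return the realm roles, or an empty set when {@code auth} has no realm-access
 *         section or that section lists no roles
 */
@Override
public Set<String> getRole() {
    // NOTE(review): the type of auth is not visible here. If its getRealmAccess() can be
    // null (a Keycloak AccessToken without a realm_access claim returns null), the
    // unguarded chain throws NullPointerException instead of reporting "no roles".
    if (this.auth.getRealmAccess() == null || this.auth.getRealmAccess().getRoles() == null) {
        return java.util.Collections.emptySet();
    }
    return this.auth.getRealmAccess().getRoles();
}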
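/**
 * Checks whether {@code auth} holds the given realm-level role.
 *
 * @param role the realm role name to look for
 * @return {@code true} only when a realm-access section exists and contains {@code role}
 */
@Override
public boolean isUserInRole(String role) {
    // A missing realm-access section is an explicit deny, not a NullPointerException
    // surfacing from an authorization check.
    // NOTE(review): the type of auth is not visible here; confirm getRealmAccess() is nullable.
    return this.auth.getRealmAccess() != null
            && this.auth.getRealmAccess().isUserInRole(role);
}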
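/**
 * Returns a read-only view of the realm roles in the current Keycloak token.
 *
 * @return an unmodifiable set of realm role names; empty when the token has no
 *         realm-access section or that section lists no roles
 */
@Override
public Set<String> getRoles() {
    // getRealmAccess() can be null for a token without realm roles, and
    // Collections.unmodifiableSet(null) throws as well, so both levels are checked.
    if (keycloakSecurityContext.getToken().getRealmAccess() == null
            || keycloakSecurityContext.getToken().getRealmAccess().getRoles() == null) {
        return Collections.emptySet();
    }
    return Collections.unmodifiableSet(
            keycloakSecurityContext.getToken().getRealmAccess().getRoles());
}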
/**
 * Copies the realm roles out of the current token.
 *
 * @return an unmodifiable copy of the realm role names; empty when the token has no
 *         realm-access section or no roles in it
 */
private Set<String> selectRealmRoles() {
    AccessToken.Access realm = securityContext.getToken().getRealmAccess();
    if (realm == null || realm.getRoles() == null) {
        return Collections.unmodifiableSet(new HashSet<String>());
    }
    // Copy before wrapping so the result does not alias the token's own role set.
    return Collections.unmodifiableSet(new HashSet<String>(realm.getRoles()));
}
/**
 * Rejects the request unless the caller holds the realm-level {@code admin} role.
 *
 * @throws NotAuthorizedException when there is no authentication at all ({@code auth} is null)
 * @throws ForbiddenException when the token has no realm-access section or lacks the
 *         {@code admin} realm role
 */
private void checkRealmAdmin() {
    if (auth == null) {
        throw new NotAuthorizedException("Bearer");
    }
    // A token without a realm-access section is treated the same as one lacking the role.
    boolean realmAdmin = auth.getToken().getRealmAccess() != null
            && auth.getToken().getRealmAccess().isUserInRole("admin");
    if (!realmAdmin) {
        throw new ForbiddenException("Does not have realm admin role");
    }
}
/**
 * Builds the role list for a token from its client roles and its realm roles.
 *
 * <p>Client roles are read from the resource-access entry keyed by the token's
 * {@code getIssuedFor()} value. Both sources are merged into one set of names, so a
 * client role and a realm role with the same name yield a single, indistinguishable
 * {@code Role}.
 *
 * @param accessToken the token to read roles from
 * @return one {@code RoleImpl} per distinct role name; empty when neither source has roles
 */
private Collection<? extends Role> createRoles(final AccessToken accessToken) {
    final Set<String> names = new HashSet<String>();

    // Client (application) roles first, then realm roles; either section may be absent.
    final AccessToken.Access[] sources = {
        accessToken.getResourceAccess(accessToken.getIssuedFor()),
        accessToken.getRealmAccess()
    };
    for (final AccessToken.Access source : sources) {
        if (source == null || source.getRoles() == null) {
            continue;
        }
        names.addAll(source.getRoles());
    }

    final List<Role> result = new ArrayList<Role>(names.size());
    final Iterator<String> it = names.iterator();
    while (it.hasNext()) {
        result.add(new RoleImpl(it.next()));
    }
    return result;
}
/**
 * Selects the role set to use for a session, according to the deployment's configuration.
 *
 * <p>When the deployment uses resource role mappings, roles come from the token's
 * resource-access entry for the deployment's resource name; otherwise they come from the
 * realm-access section. The chosen set is returned as the token holds it, without copying.
 *
 * @param session the security context holding the token and the deployment settings
 * @return the selected roles, or an empty set when the chosen section or its roles are absent
 */
public static Set<String> getRolesFromSecurityContext(RefreshableKeycloakSecurityContext session) {
    final AccessToken token = session.getToken();
    final AccessToken.Access source;
    if (session.getDeployment().isUseResourceRoleMappings()) {
        if (log.isTraceEnabled()) {
            log.trace("useResourceRoleMappings");
        }
        source = token.getResourceAccess(session.getDeployment().getResourceName());
    } else {
        if (log.isTraceEnabled()) {
            log.trace("use realm role mappings");
        }
        source = token.getRealmAccess();
    }

    Set<String> granted = null;
    if (source != null) {
        granted = source.getRoles();
    }
    if (granted == null) {
        granted = Collections.emptySet();
    }

    // Role names are written to the log only at trace level.
    if (log.isTraceEnabled()) {
        log.trace("Setting roles: ");
        for (String name : granted) {
            log.trace(" role: " + name);
        }
    }
    return granted;
}
AccessToken.Access realmAccess = token.getRealmAccess(); if (realmAccess != null && realmAccess.getRoles() != null) { for (String r : realmAccess.getRoles()) {
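/**
 * Checks whether the current Keycloak token holds the given realm-level role.
 *
 * @param roleKey the realm role name to look for
 * @return {@code true} only when the token has a realm-access section containing {@code roleKey}
 */
@Override
public boolean hasRole(String roleKey) {
    checkState();
    // A token without a realm-access section carries no realm roles: answer "no"
    // rather than letting the role check end in a NullPointerException.
    if (Connections.getKeycloak().getToken().getRealmAccess() == null) {
        return false;
    }
    return Connections.getKeycloak().getToken().getRealmAccess().isUserInRole(roleKey);
}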
AccessToken.Access realmAccess = accessToken.getRealmAccess(); if (realmAccess != null) { roles.addAll(Optional.fromNullable(realmAccess.getRoles()).or(Collections.emptySet()));
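/**
 * Records an audit entry for the request from the caller's Keycloak token.
 *
 * <p>This interceptor only logs. It always returns {@code true}, so it is not an
 * authorization gate, and any failure while building or saving the entry is logged
 * and ignored so that auditing never blocks the request.
 *
 * @param httpServletRequest the incoming request
 * @param httpServletResponse the response being built
 * @param handler the handler chosen for the request (unused)
 * @return always {@code true}
 */
@Override
public boolean preHandle(HttpServletRequest httpServletRequest,
        HttpServletResponse httpServletResponse, Object handler) {
    try {
        SimpleHttpFacade simpleHttpFacade =
                new SimpleHttpFacade(httpServletRequest, httpServletResponse);
        AccessToken accessToken = simpleHttpFacade.getSecurityContext().getToken();

        Set<String> resourceRoles = Sets.newHashSet();
        AccessToken.Access resourceAccess = accessToken.getResourceAccess()
                .getOrDefault(keycloakResource, null);
        if (resourceAccess != null && resourceAccess.getRoles() != null) {
            resourceRoles = resourceAccess.getRoles();
        }

        // A token without realm roles has no realm-access section. Dereferencing it
        // unguarded threw inside this try block, so the audit record for that request
        // was silently dropped.
        Set<String> realmRoles = Sets.newHashSet();
        AccessToken.Access realmAccess = accessToken.getRealmAccess();
        if (realmAccess != null && realmAccess.getRoles() != null) {
            realmRoles = realmAccess.getRoles();
        }

        // NOTE(review): getParameterMap() maps names to String[] values, so toString()
        // stores array identities rather than the values. Before changing that, decide
        // whether request parameters (which can carry secrets) belong in the audit store.
        // NOTE(review): url stores getContextPath() while the log line below uses
        // getRequestURI(); confirm which one the audit record is meant to hold.
        locKeycloakLog.save(
                LocKeycloakLog.LocKeycloakLogDomain.builder()
                        .param(httpServletRequest.getParameterMap().toString())
                        .createDateTime(LocalDateTime.now())
                        .url(httpServletRequest.getContextPath())
                        .userName(accessToken.getName())
                        .email(accessToken.getEmail())
                        .realmRoles(realmRoles)
                        .resourceRoles(resourceRoles)
                        .build());

        // The audience claim may be missing or empty; do not index into it blindly.
        String[] audience = accessToken.getAudience();
        String firstAudience = (audience != null && audience.length > 0) ? audience[0] : null;
        log.info("keycloak security pre handle {} ({}) in {} access {}",
                accessToken.getName(), accessToken.getEmail(), firstAudience,
                httpServletRequest.getRequestURI());
    } catch (Exception e) {
        // Best effort by design: an audit failure is reported but never fails the request.
        log.warn(e.getMessage(), e);
    }
    return true;
}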
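/**
 * Builds a {@code UserDetails} object from the Keycloak token of the current request.
 *
 * @param webRequest the request whose user principal carries the Keycloak security context
 * @return a {@code UserDetails} holding the token id, given name, family name, email and
 *         realm roles (an empty set when the token has no realm roles)
 */
@SuppressWarnings("unchecked")
private Object createUserDetails(NativeWebRequest webRequest) {
    // NOTE(review): getUserPrincipal() is null for an unauthenticated request, and the cast
    // assumes a Keycloak principal; confirm the caller only reaches this after authentication.
    KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal =
            (KeycloakPrincipal<RefreshableKeycloakSecurityContext>) webRequest.getUserPrincipal();
    AccessToken token = principal.getKeycloakSecurityContext().getToken();

    // The realm-access section is absent when the token has no realm roles; fall back to
    // an empty role set instead of failing with a NullPointerException.
    AccessToken.Access realmAccess = token.getRealmAccess();
    java.util.Set<String> realmRoles = java.util.Collections.<String>emptySet();
    if (realmAccess != null && realmAccess.getRoles() != null) {
        realmRoles = realmAccess.getRoles();
    }

    return new UserDetails(token.getId(), token.getGivenName(), token.getFamilyName(),
            token.getEmail(), realmRoles);
}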